Presentation is loading. Please wait.

Presentation is loading. Please wait.

Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob.

Published byNicole Darley Modified over 10 years ago

Similar presentations

Presentation on theme: "Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob."— Presentation transcript:

1 Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob

2 2 Outline Introduction to e-Auction  What is auction?  Desired properties for an e-Auction scheme  Basic e-Auction protocol e-Auction scheme  English auction  First-price sealed bid auction  Second-price sealed bid auction (Vickrey auction) Conclusion

3 3 Introduction to e-Auction An auction is a method of trading goods that do not have a fixed price Auction is based on competition and reflects the essential of market  The sellers wish to sell their goods as high as possible, the buyers want to pay as little as necessary Roles: Bidder (buyer) – Seller – Auctioneer (trusted third party)

4 4 Introduction to e-Auction Types of auctions:  English auction  Dutch auction  Sealed-bid auction: First-price, Second-price, (M+1)st- price

5 5 Desired properties Non-repudiation No framing Traceability Public verifiability Unlinkability Robustness Efficiency of bidding

6 6 Desired properties Fairness  All bids should be dealt with in a fair way, e.g., no information about bidding will be disclosed to give any bidder unfair advantage Bidder privacy  No bidder’s identity or trading history will be revealed even after the auction session.  The secrecy of losing bids should be kept. Correctness of system  The winning bid is the highest among bids were placed. The winner is the person who made that bid

7 7 Basic auction protocol Initialization Auctioneer sets the system parameters and publishes them Bidder registration A bidder sends the Auctioneer her/his public key to register Auction preparation The Auctioneer computes the preparation data for each auction. A bidder may download her/his information for bidding Bidding A bidder computes her/his bid information and places her/his bid Opening a winning bid The Auctioneer computes only a winning bid while keeping the other bids secret (not needed in public auction) Winner decision The Auctioneer identifies only a winner while keeping loser’s anonymity

8 8 English auction scheme Proof of knowledge  PK(y = P(  )) is the proof of knowledge between two parties  given the publicly known value y, the Prover knows the value of  such that the predicate P(  ) is true.  Signature based on a Proof of Knowledge (SPK) SPK[(  ): y = g  ] (m)

9 9 English auction scheme 2 Bulletin Board System (BBS)  Bulletin board is a place where people can leave public messages, e.g., to advertise things, announce events, or provide information  Can be read by anybody, but can be written only by an authority => Help reduce communication complexity 2 separate roles  AM: Auction Manager Prepare for auctions Carry out several auctions Manage the current bid value  RM: Registration Manager Manager the participants of auctions Prepare for auctions Identifies a certain bidder at the request of AM

10 10 English auction scheme Alice (y 1, x 1, m 1 ) y 1 = g x1 1.Registration (y 1, V 11 ) V 11 = SPK[(  ): y 1 = g  ] (m R ) Alice : y1 Bob : y2 Carol : y3 : Public keys grgr y3ry1ry2r:y3ry1ry2r: 2. Preparation g rs 1.T 2 = y 2 rs 2.T 3 = y 3 rs 3.T 1 = y 1 rs : 3. g rs 4. T1 = (g rs ) x1 5. Bidding (3, m 1, V 21 ) V 21 = SPK[(  ): T 1 = (g rs )  ] (m R ) Current bid value 6. Winner decision V 31 V 31 =SPK[(  ):T 1 = (y 1 r )  ] (m R ) Kazumasa OMOTE. A study on Electronic Auctions, 2002 6. Winner decision V 31 V 31 =SPK[(  ):T 1 = (y 1 r )  ] (m R )

11 11 English auction scheme Properties  Linkability in an auction (same T i in one auction)  Unlinkability among different auctions (different T i -s for different auctions)  No single authority can break anonymity and secrecy of bids

12 12 First-price sealed-bid auction Desired properties  Secrecy of bidding price => open bids from highest possible price to the winning price, all the lower prices are kept secret  Verifiability => Use public key encryption systems or hash chain technique  Undeniability => The bidder needs to sign for his bid  Anonymity => Bidders register to a registration center and get their keys for signature scheme

13 13 First-price sealed-bid auction Undeniable signature scheme  Signing algorithm  Verification protocol  a signature can only be verified with the help of the signer => Avoid replay attack  Disavowal protocol  allows the signer to prove whether a given signature is a forgery => The signer cannot deny his valid signature

14 14 First-price sealed-bid auction Bidder 1: b1 Bidder 2: b2 Bidder 3: b3 Auctioneer Price list {1, 2,…, n} Sig 1 (b 1 ) Sig 2 (b 2 ) Sig 3 (b 3 ) j = n j = n - 1 j Disavowal My sig was not a valid signature of j My sig was the valid signature of j Winning bid j Winning bidder Bidder 2 Sakurai and Miyazaki. A bulletin-board based digital auction scheme with bidding down strategy. In Proc. International Workshop on Cryptographic Techniques and E-Commerce, 1999 Undeniable signature of bidding price Sig 1 (b1) Sig 2 (b2) Sig 3 (b3)

15 15 First-price sealed-bid auction Sakurai and Miyazaki. A bulletin-board based digital auction scheme with bidding down strategy. In Proc. International Workshop on Cryptographic Techniques and E-Commerce, 1999

16 16 First-price sealed-bid auction Drawbacks of the protocol  All bidders have to communicate with the auctioneer in opening phase => Protocol 2

17 17 First-price sealed-bid auction Bidder 1: b1 Bidder 2: b2 Bidder 3: b3 Auctioneer Price list {1, 2,…, n} {(K_1; M_1), (K_2; M_2)…, (K_n; M_n)} Sako. Universally verifiable auction protocol which hides losing bids. In Proc Of SCIS’99, pages 35-39 E K_b1 (M_b1) E K_b2 (M_b2) E K_b3 (M_b3) j = n Check the equality E K_j (C_bi) = M_j ? - If such C_bi exists: winning bid is j, winning bidder is i - If there is no such C_bi: j = j – 1, repeat above step

18 18 First-price sealed-bid auction Sako. Universally verifiable auction protocol which hides losing bids. In Proc Of SCIS’99, pages 35-39

19 19 First-price sealed-bid auction Advantage  Bidders need not to communicate with the auctioneer in opening phase Disadvantage  Malicious auctioneer can reveal all bidding prices => Use plural auctioneers and distributed decryption technique

20 20 First-price sealed-bid auction Problems with sealed-bid auction methods using public key cryptosystems  Computationally expensive  Require a lot of communication  Limit the number of bidders and the range of bidding prices

21 21 First-price sealed-bid auction Bidder 1: P1 Secret seeds: (S 11, S 21,...,S a1 ) Bidder 2: P2 Secret seeds: (S 21, S 22,…,S a2 ) Bidder 3: P3 Secret seeds: (S 13, S 23,…,S a3 ) Auctioneer 1 Auctioneer a Bidi = {bi, c 1i, c 2i, …, c ai } bi = h(h Pi (S 1i )|h Pi (S 2i ) | … | h Pi (S ai )) cji = h n+1 (S ji ) (Bid1, Sig1(Bid1)) (Bid2, Sig2(Bid2)) (Bid3, Sig3(Bid3)) Publishes (Bid_i,Sig i (Bid_i) S 11 S 12 S 13 S a2 S a1 S a3 h k (S ai ) k = n Check hash chain for all bidders k = k - 1 Publishes h k (Sij) K. Suzuki, K. Kobayashi, and H. Morita. Efficient sealed-bid auction using hash chain. Proceedings of the Third International Conference on Information Security and Cryptology, Vol. 2015 of Lecture Notes In Computer Science, pages 183 – 191, 2000. Springer-Verlag. ISBN 3-540-41782-6 bi = h(h k (S 1i )|h k (S 2i )|…|h k (S ai )) ???

22 22 First-price sealed-bid auction Secrecy of bidding price  Bids are opened from the highest price to the winning price  Hash chain is distributed to plural auctioneers => losing bid prices are kept secret (besides the case all auctioneers collude) Verifiability  Anyone can verify the correctness of the hash chains which are already published Undeniability  The signer has to sign for his bid Anonymity  Each bidder can use his public key of signature to bid anonymously Efficiency

23 23 Vickrey auction Vickrey auction scheme  The bidder who offers the highest bid price gets the good at the second-highest price Attractive theoretical properties  The dominant strategy for each bidder is to place a bid honestly according to her/his own true value Rarely used in practice  Auctioneer may change the outcome of auctions  Auctioneer may reveal bidders’ private information

24 24 Vickrey auction scheme Homomorphic encryption scheme  E K (m 1 ; r 1 ). E K (m 2 ; r 2 ) = E K (m 1 +m 2 ; r 1 +r 2 ) Range proof: integer commitment scheme, plus range checking  PK(c=E K ( ,  )    [L,H])

25 25 Vickrey auction scheme Notations  S: seller  A: auction authority  B: maximum number of bidders  V: maximum number of different bids  (X 1, …, X B ): vector of bids in a nonincreasing order  In public-key cryptosystem (G,E,D), c = E K (m; r) denote the encryption of m by using a random coin r under they key K.  H: hash function

26 26 Vickrey auction Bidder 1: b1 Bidder 2: b2 Bidder 3: b3 Auctioneer Secret key: sk Seller Auctioneer’s public key: pk Sig 2 (E pk (B b2 )) Sig 1 (E pk (B b1 )) Sig 3 (E pk (B b3 )) E=∏i E pk (B bi ) Decrypt E Learn bid statistic X2X2 X2X2 X2X2 X2X2 My bid was higher than X 2 Helger Lipmaa, N. Asokan, Valtteri Niemi. Secure Vickrey Auctions without threshold trust. Technical Report 2001/095, International Association for Cryptologic Research, November 2001

27 27 Practical e-Auction systems eBay and Amazon Auction use Vickrey model with a proxy bidder facility  The bidder tells the proxy a maximum price that s/he is willing to pay  The proxy keeps this information secret and bids on the bidder’s behalf in the ascending auction.  The highest bidder wins, pays at amount equal to the second highest bidder (plus one increment).  Ebay: fixed ending time. Amazon: auctions end when there have been no new bids for ten minutes.

28 28 Conclusion Three kinds of auction schemes are surveyed  English auction scheme  First-price sealed-bid auction scheme  Second-price sealed-bid auction scheme Desired properties  Bidder privacy  Correctness of system  Efficiency

Download ppt "Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob."

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Bidding Strategy and Auction Design Josh Ruffin, Dennis Langer, Kevin Hyland and Emmet Ferriter.

Bidding Strategy and Auction Design Josh Ruffin, Dennis Langer, Kevin Hyland and Emmet Ferriter.
Securing Auctions using Cryptography Richard Barnes Cryptography Applications Bistro University of Virginia, March 16, 2004 Richard Barnes Cryptography.

Securing Auctions using Cryptography Richard Barnes Cryptography Applications Bistro University of Virginia, March 16, 2004 Richard Barnes Cryptography.
1 Chapter 6: Auctions SCIT1003 Chapter 6: Auctions Prof. Tsang.

1 Chapter 6: Auctions SCIT1003 Chapter 6: Auctions Prof. Tsang.
SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY.

SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY.
Auction. Definition An auction is a process of buying and selling goods or services by offering them up for bid, taking bids, and then selling the item.

Auction. Definition An auction is a process of buying and selling goods or services by offering them up for bid, taking bids, and then selling the item.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
From: Cryptographers’ Track of the RSA Conference 2008 Date:2011-11-29 Reporter: Yi-Chun Shih 1.

From: Cryptographers’ Track of the RSA Conference 2008 Date: Reporter: Yi-Chun Shih 1.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Chapter Seventeen Auctions. Who Uses Auctions? u Owners of art, cars, stamps, machines, mineral rights etc. u Q: Why auction? u A: Because many markets.

Chapter Seventeen Auctions. Who Uses Auctions? u Owners of art, cars, stamps, machines, mineral rights etc. u Q: Why auction? u A: Because many markets.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
VAMSEE KONERU PRADNYA SUTE

VAMSEE KONERU PRADNYA SUTE
Chapter 9: Key Management

Chapter 9: Key Management
Auctioning one item PART 2 Tuomas Sandholm Computer Science Department Carnegie Mellon University.

Auctioning one item PART 2 Tuomas Sandholm Computer Science Department Carnegie Mellon University.

Similar presentations

Ads by Google